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Claims: 

What is claimed is: 

1. Process for the automated creation of roles for a role-based access 
control system of an enterprise, whereas the system organizes and 
manages the access of users to sensitive information in an inter- 
and/or intranet, by means of at least one data base comprising at 
least the relevant, existing secuiity data about users and their access 
to sensitive information, the data base being connected to a 
computer, the process comprises the following steps: 

a) loading the security data from the data base into the computer 

b) mining the loaded data to find similarities that will allow the 
creation of organizational roles and/or functional roles and 

c) creation of at least one role based on the outcome of step b. 

2. Process according to claim 1, whereas the computer is connected to 
the inter-and/or intranet and automatically assigns the created 
role(s) according to step c to the users in the inter- and/or intranet. 

3. Process according to claim 1, whereas the database is stored on a 
hard disk. 

4. Process according to claim 1, whereas the database is stored on the 
RAM of a computer. 

5. Process according to claim 1, whereas the mining of the loaded 
security data comprises clustering the loaded data to find suitable 
semantics for role description and/or statistics for values of all role 
attiibutes. 
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6. Process according to claim 1, whereas the mining of the loaded 
security data comprises association methods to find similarities in 
the loaded security data and preferably group as much as possible of 
the security data into as little as possible roles. 

7. Process according to claim 1, whereas the resulting roles are 
automatically checked and approved by the computer before they 
are assigned to the users. 

8. Process according to claim 1, whereas the relevant data is at least 
access control data, organizational data and/or functional data of the 
enterprise. 

9. Process according to claim 1, that in a first step the data is explored 
by the computer. 

10. Process according to claim 1, whereas the created roles are 
automatically stored in the data base. 


